c0d3x27/CVEs

Releases0

This a collection of proof-of-concept exploits for various Common Vulnerabilities and Exposures (CVEs) that I have personally discovered. Whether you are passionate about cybersecurity, dedicated to ethical hacking, or simply intrigued by the world of vulnerabilities, you have come to the right place!

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-40137 ↗	Jul 24, 2024Wednesday, 24 July 2024, 19:15	5.5 MEDIUM	—
Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.
CVE-2024-26542 ↗	Feb 27, 2024Tuesday, 27 February 2024, 22:15	6.1 MEDIUM	—
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field.
CVE-2024-23756 ↗	Feb 8, 2024Thursday, 8 February 2024, 21:15	7.5 HIGH	—
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.
CVE-2024-23054 ↗	Feb 5, 2024Monday, 5 February 2024, 16:15	9.8 CRITICAL	—
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).
CVE-2024-23055 ↗	Jan 25, 2024Thursday, 25 January 2024, 22:15	6.1 MEDIUM	—
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.
CVE-2023-27098 ↗	Jan 9, 2024Tuesday, 9 January 2024, 02:15	7.5 HIGH	—
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.